Cybersecurity’s role in U.S. trade agreements, starting with NAFTA

We must modernize our trade agreements to incorporate cybersecurity cooperation, and cooperation with our closest neighbors through NAFTA is a good place to start.

Cybersecurity is a major global economic force, with spending estimated to reach more than $100 billion by 2018, and more than $170 billion by 2020. North America has the largest cybersecurity market in the world, and the United States accounts for the biggest portion, making the industry an important source of well-paying, high-value jobs.

Digital security is critical to every industry, from healthcare and finance to manufacturing and agriculture. But the nature of today’s global networks means that cyberattacks do not stop at national borders. Security lapses abroad can cause catastrophic harm to U.S. businesses, our critical infrastructure and economy. To increase both economic and national security, it’s imperative that U.S. cybersecurity companies continue to innovate both at home and abroad.

Later this week, the federal government has an opportunity to help better protect U.S. businesses by conveying the U.S. priority on establishing international cybersecurity norms as part of the renegotiation of the North American Free Trade Agreement (NAFTA). Secure computing has become paramount in the global digital economy. We must modernize our trade agreements to incorporate cybersecurity cooperation, and cooperation with our closest neighbors through NAFTA is a good place to start.

Cybersecurity Cooperation

That’s why Tenable joined fellow cybersecurity industry leaders in writing a letter to United States Trade Representative (USTR) Robert Lighthizer and Secretary of Commerce Wilbur Ross, urging the inclusion of cybersecurity cooperation in renegotiation efforts. While the inclusion of digital goods and services was included in the recently-released negotiating objectives, a robust discussion of how to work toward global cybersecurity standards and global norms would serve all parties’ collective interests.

There is widespread agreement, even among industry competitors, on the value of international cybersecurity standards. Among other benefits, these standards seek to discourage the use of cybersecurity-related trade barriers, such as data localization, and provide greater security to U.S. businesses by raising the baseline cybersecurity level of trading partners.

One of the most effective ways to protect our nation from cybercriminals is to make cybersecurity an economic priority and a trade incentive as part of all trade agreement negotiations.

Risk Management & Encryption

In our letter, we also urged USTR to promote voluntary cyber risk management frameworks, like the National Institute of Standards and Technology (NIST) Cybersecurity Framework, among the parties involved in NAFTA. The NIST Framework has met widespread adoption among the private and public sector in the U.S. due to its flexible, voluntary standards and the fact that it was developed in a transparent, multi-stakeholder process. Alignment around this kind of framework would be equally valuable among North American trade partners.

Encryption also plays an important role in establishing international cybersecurity standards. As part of the renegotiation efforts, NAFTA should prohibit governments from requiring access to encryption keys and source code as a condition for market access.

Reframing Cybersecurity’s Role

In today’s digital world, every company is a technology company. We can’t afford to overlook the importance of making cybersecurity a critical component of daily business, both in the U.S. and overseas. I believe this starts by reimagining and reframing cybersecurity’s role in international trade agreements. If our governments can work together to make it harder for cyber adversaries to succeed, we all benefit.